A vulnerability, which was classified as critical, was found in Calendar Event Management System 2.3.0. This affects an unknown part. The manipulation of the argument start/end leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-220197 was assigned to this vulnerability.
References
Link | Resource |
---|---|
https://vuldb.com/?ctiid.220197 | Permissions Required Third Party Advisory |
https://vuldb.com/?id.220197 | Permissions Required Third Party Advisory |
https://www.youtube.com/watch?v=eoPuINHWjHo | Exploit Third Party Advisory |
Configurations
Configuration 1 (hide)
|
History
12 Feb 2023, 04:49
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:calendar_event_management_system_project:calendar_event_management_system:2.3.0:*:*:*:*:*:*:* | |
First Time |
Calendar Event Management System Project calendar Event Management System
Calendar Event Management System Project |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.8 |
References | (MISC) https://vuldb.com/?ctiid.220197 - Permissions Required, Third Party Advisory | |
References | (MISC) https://www.youtube.com/watch?v=eoPuINHWjHo - Exploit, Third Party Advisory | |
References | (MISC) https://vuldb.com/?id.220197 - Permissions Required, Third Party Advisory |
04 Feb 2023, 08:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-02-04 08:15
Updated : 2024-04-11 01:17
NVD link : CVE-2023-0675
Mitre link : CVE-2023-0675
CVE.ORG link : CVE-2023-0675
JSON object : View
Products Affected
calendar_event_management_system_project
- calendar_event_management_system
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')